blob: bccb547949e94b8996eb2327d4263692460b490e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
'\" t
.TH "SYSTEMD\-TPM2\-SETUP\&.SERVICE" "8" "" "systemd 255" "systemd-tpm2-setup.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-tpm2-setup.service, systemd-tpm2-setup-early.service, systemd-tpm2-setup \- Set up the TPM2 Storage Root Key (SRK) at boot
.SH "SYNOPSIS"
.PP
systemd\-tpm2\-setup\&.service
.PP
/usr/lib/systemd/systemd\-tpm2\-setup
.SH "DESCRIPTION"
.PP
systemd\-tpm2\-setup\&.service
and
systemd\-tpm2\-setup\-early\&.service
are services that generate the Storage Root Key (SRK) if it hasn\*(Aqt been generated yet, and stores it in the TPM\&.
.PP
The services will store the public key of the SRK key pair in a PEM file in
/run/systemd/tpm2\-srk\-public\-key\&.pem
and
/var/lib/systemd/tpm2\-srk\-public\-key\&.pem\&. It will also store it in TPM2B_PUBLIC format in
/run/systemd/tpm2\-srk\-public\-key\&.tpm2_public
and
/var/lib/systemd/tpm2\-srk\-public\-key\&.tpm2b_public\&.
.PP
systemd\-tpm2\-setup\-early\&.service
runs very early at boot (possibly in the initrd), and writes the SRK public key to
/run/systemd/tpm2\-srk\-public\-key\&.*
(as
/var/
is generally not accessible this early yet), while
systemd\-tpm2\-setup\&.service
runs during a later boot phase and saves the public key to
/var/lib/systemd/tpm2\-srk\-public\-key\&.*\&.
.SH "FILES"
.PP
/run/systemd/tpm2\-srk\-public\-key\&.pem, /run/systemd/tpm2\-srk\-public\-key\&.tpm2b_public
.RS 4
The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot\&.
.sp
Added in version 255\&.
.RE
.PP
/var/lib/systemd/tpm2\-srk\-public\-key\&.pem, /var/lib/systemd/tpm2\-srk\-public\-key\&.tpm2_public
.RS 4
The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once
/var/
is available)\&.
.sp
Added in version 255\&.
.RE
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1)
|
